Cryptography-Digest Digest #475, Volume #12      Fri, 18 Aug 00 12:13:00 EDT

Contents:
  Re: blowfish problem (Richard Bos)
  Re: The quick brown fox... (Klaus Pommerening)
  Breaking Simple XOR Encryption (Peter)
  Re: 215 Hz five-qubit quantum processor ("Dennis O'Connor")
  Cryptography and Content Protection (Adriano Prado)
  Re: blowfish problem ("Douglas A. Gwyn")
  Re: blowfish problem (Paul Schlyter)
  Kelsey, Schneier, Wagner and Hall reference "the Codebreakers" (James Muir)
  Symmetric Encryption and Decryption ("Koon Kin Hin, Kenny")
  Re: Cryptography and Content Protection ("Scott Fluhrer")
  Re: DES: Say it or spell it? (Newbie question) ("Douglas A. Gwyn")
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")
  Re: DES: Say it or spell it? (Newbie question) ("Douglas A. Gwyn")
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")
  Re: 1-time pad is not secure... ("Douglas A. Gwyn")
  Re: Java Random Numbers ("Scott Fluhrer")
  Re: OTP using BBS generator? (David Hopwood)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Richard Bos)
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: Fri, 18 Aug 2000 14:20:44 GMT

"Michael Will" <[EMAIL PROTECTED]> wrote:

> After all these years I see there's always something new to learn.
> I should go check my K&R to see if I should have known this from the
> very start.  (Yes, the original.  The one we had to carry to school
> uphill in the snow both ways, etc.)

No, you shouldn't. It's quite possible that the word byte is used
differently in K&R. However, that doesn't matter in the least, because
since 1989, the C language has been defined by the ISO standard, not by
K&R.

Richard

------------------------------

From: [EMAIL PROTECTED] (Klaus Pommerening)
Subject: Re: The quick brown fox...
Date: 18 Aug 2000 14:22:40 GMT

In <[EMAIL PROTECTED]> Mike Brown wrote:
> Additional pangrams still wanted.
>  
Here's my collection of German pangrams, some with umlauts, which are
denoted by "a, "o, "u, and "s for the beta-like s.

- Sylvia wagt quick den Jux bei Pforzheim.
- Bayerische Jagdwitze von Maxl Querkopf.
- Barfuss und quick jagt Hexe mit Zyklops VW.
- Zwei Boxk"ampfer jagen Eva quer durch Sylt.
- Zw"olf s"u"se Boxk"ampfer jagten quer durch Vinyl.
- Zw"olf Boxk"ampfer jagten Viktor quer "uber den Sylter Deich.
- Zw"olf Boxk"ampfer jagten Victor quer "uber den gro"sen Sylter Deich.
- Kaufen Sie jede Woche vier gute bequeme pelze (xy).
- Ein wackerer Bayer vertilgt jeden Tag bequem zwo Pfund Schweinshaxe.
- Ein wackerer Bayer vertilgt ja bequem zwo Pfund Kalbshaxe.
- Karl Mays Pferdevieh sagt jawohl zur Quellnixe am Bach.
- Falsches "Uben von Xylophonmusik qu"alt jeden gr"o"seren Zwerg.
- Bei jedem klugen Wort von Sokrates rief Xanthippe zynisch: Quatsch!
- Franz jagt im total versifften Taxi quer durch Bayern.
- Franz jagt im komplett verwahrlosten Taxi quer durch Bayern.
-- 
Klaus Pommerening  [http://www.Uni-Mainz.DE/~pommeren/]
Institut fuer Medizinische Statistik und Dokumentation
der Johannes-Gutenberg-Universitaet, D-55101 Mainz, Germany


------------------------------

From: Peter <[EMAIL PROTECTED]>
Subject: Breaking Simple XOR Encryption
Date: Fri, 18 Aug 2000 14:26:39 GMT

After unsuccessfully searching the deja.com usenet archives
for a relevant thread I have decided to post my (mundane) question to
the forum.

I would appreciate an explanation of the attack that is used against
simple XOR "encryption" schemes.

I have read section 1.2.3 of Schneier (1994) which is (understandably)
curt and I do not understand the method explained.

Could someone explain the two-step process in Schneier or perhaps refer
me to a more detailed explanation than that found in Schneier.

I concede up-front that the failure to grasp the breaking of such a
simple cipher is mine entirely so please don't waste your time pointing
this out to me.

Thanks for reading this
Peter




Sent via Deja.com http://www.deja.com/
Before you buy.
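The two-step attack Peter asks about, carried through in Python as an added example (this is not code from the thread or from Schneier's book; the plaintext paragraph, the 7-byte key and the letter-weight table are constructed for the demonstration, and the example goes one step beyond the book's sketch by recovering the key bytes themselves):

```python
"""Breaking repeating-key XOR: the two-step attack.

Added example, not code from the original thread.  PLAINTEXT, KEY and
ENGLISH_WEIGHT are constructed for the demonstration.
"""


# --- the "cipher" under attack ---------------------------------------------
def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt; XOR with a repeated key is its own inverse."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# --- step 1: find the key length by counting coincidences ------------------
def coincidence_rate(ct: bytes, shift: int) -> float:
    """Fraction of positions i where ct[i] == ct[i + shift].

    When shift is the key length (or a multiple of it) both bytes were
    masked with the same key byte, so they agree exactly when the plaintext
    bytes agree: roughly 6-7% of the time for English.  For any other shift
    the two key bytes differ and almost all coincidences disappear."""
    n = len(ct) - shift
    return sum(ct[i] == ct[i + shift] for i in range(n)) / n


def guess_key_length(ct: bytes, max_len: int = 20) -> int:
    rates = {s: coincidence_rate(ct, s) for s in range(1, max_len + 1)}
    peak = max(rates.values())
    # Multiples of the period peak as well, so the smallest shift whose
    # rate is close to the peak is the period itself.
    return min(s for s, r in rates.items() if r >= 0.6 * peak)


# --- step 2: break each column as a single-byte XOR ------------------------
ENGLISH_WEIGHT = {' ': 13.0, 'e': 12.7, 't': 9.1, 'a': 8.2, 'o': 7.5,
                  'i': 7.0, 'n': 6.7, 's': 6.3, 'h': 6.1, 'r': 6.0,
                  'd': 4.3, 'l': 4.0}   # constructed: rough English frequencies


def english_score(data: bytes) -> float:
    """Higher for byte strings that look like English text; bytes that
    cannot occur in printable text are penalised heavily."""
    score = 0.0
    for b in data:
        if b in (9, 10, 13) or 32 <= b < 127:
            score += ENGLISH_WEIGHT.get(chr(b).lower(), 0.0)
        else:
            score -= 20.0
    return score


def recover_key(ct: bytes, key_len: int) -> bytes:
    """Every key_len-th byte was XORed with the same key byte, so each
    column is a single-byte XOR cipher: try all 256 bytes and keep the
    one whose decryption scores most like English."""
    key = bytearray()
    for col in range(key_len):
        column = ct[col::key_len]
        best = max(range(256),
                   key=lambda k: english_score(bytes(b ^ k for b in column)))
        key.append(best)
    return bytes(key)


def break_xor(ct: bytes) -> tuple[bytes, bytes]:
    """Return (recovered key, recovered plaintext) from ciphertext alone."""
    key = recover_key(ct, guess_key_length(ct))
    return key, xor_repeating(ct, key)


# Constructed sample: an English paragraph under a 7-byte key.
PLAINTEXT = (
    "The attack on a repeating key XOR cipher rests on a single observation: "
    "every byte of the message that falls under the same key byte has been "
    "transformed in exactly the same way, so the statistics of the plaintext "
    "survive in the ciphertext. An analyst who can guess the length of the "
    "key can therefore split the ciphertext into columns, one per key byte, "
    "and treat each column as a separate single byte cipher that is broken "
    "by counting letters. Guessing the key length is itself a matter of "
    "statistics. When the ciphertext is laid beside a copy of itself shifted "
    "by the key length, or by any multiple of it, the two copies were masked "
    "with the same key bytes, and equal bytes occur exactly as often as they "
    "do in ordinary English prose, which is far more often than chance. For "
    "any other shift the key bytes differ and the coincidences nearly vanish. "
    "The cipher therefore leaks both its period and its key to anyone who has "
    "a few hundred bytes of output and a table of letter frequencies, which "
    "is why no modern system uses it for anything more than obscuring data "
    "from a casual glance."
).encode("ascii")
KEY = bytes.fromhex("9f2ce147b308d5")          # constructed 7-byte key
CIPHERTEXT = xor_repeating(PLAINTEXT, KEY)

if __name__ == "__main__":
    length = guess_key_length(CIPHERTEXT)
    key, pt = break_xor(CIPHERTEXT)
    print("key length:", length, " key:", key.hex())
    print(pt.decode("ascii"))
```

Step 1 is the coincidence count: slide the ciphertext past itself and note the shifts at which bytes agree far more often than chance; the smallest such shift is the key length. Step 2 uses that length to split the ciphertext into columns, each a single-byte XOR that letter-frequency scoring breaks on its own. Schneier's version of step 2 instead XORs the ciphertext with itself shifted by the key length, which cancels the key and leaves plaintext XORed with shifted plaintext; English has so little entropy per byte that this, too, is solved by the same kind of frequency reasoning, and the column method above is simply the more direct route to the key.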

------------------------------

From: "Dennis O'Connor" <[EMAIL PROTECTED]>
Crossposted-To: comp.arch
Subject: Re: 215 Hz five-qubit quantum processor
Date: Fri, 18 Aug 2000 07:59:51 -0700

"Bill Unruh" <[EMAIL PROTECTED]> wrote ...
> In <8nctf9$5tf$[EMAIL PROTECTED]> [EMAIL PROTECTED] (Paul Rubin)
writes:
> ]The class of problems a quantum computer can probabilistically solve in
> ]P-time is called QBP.  It's believed to be larger than P but it still
> ]is no larger than NP.  Factoring and other search-type problems sit
> ]inside QBP, but sorry, the classical halting problem is still undecidable.
>
> No, search is still non-polynomial. Grover's speedup was to sqrt(N) which
> is still very non-polynomial in the length of N.

Hmm, I don't know what you mean by "Non-polynomial".
I will not presume you don't know this, Bill, but for
the benefit of those who don't understand the terminology,
"NP" stands for "Non-deterministic Polynomial (time)",
and refers to the set of algorithms that can be solved in
polynomial time or less by a non-deterministic Turing
machine.  A non-deterministic Turing machine can sort
of be described as a Turing machine that "goes both ways
at all branches" until it finds an answer.  Another equivalent
of a non-deterministic Turing machine is a large (potentially
infinite) set of deterministic Turing machines, one for each
possible answer, that take all the possible answers and,
working in parallel, check which one is true.  This latter
is due to the property of NP that says "If finding the
solution to a problem is NP (take polynomial-bounded
time on a non-deterministic Turing machine), then checking
whether a  particular value is a solution to a problem is P
(takes polynomial time on a deterministic Turing machine),
and vice versa.

A quantum computer operates by starting with a wave
function that includes all possible solutions to a problem,
and then "collapsing" that wave function to a correct
solution.  This makes it akin to a non-deterministic
Turing machine.

A Turing machine, BTW, is a particular kind of computer
used in theoretical studies of algorithms.  All computers
generally in use are equivalent in capability to a
deterministic finite-memory Turing machine.  Quantum
computers would be equivalent I believe to a
non-deterministic finite-memory Turing machine.

This was a bit rushed, so I hope if I've blundered anywhere
someone will point it out.
--
Dennis O'Connor            [EMAIL PROTECTED]
Vanity Web Page:  http://www.primenet.com/~dmoc/



------------------------------

From: Adriano Prado <[EMAIL PROTECTED]>
Subject: Cryptography and Content Protection
Date: Fri, 18 Aug 2000 14:45:18 GMT

My system has just Alice and Bob. There's nobody else that can listen
to their communication.

But Alice must NOT be sure that Bob is really Bob. In fact, Bob can be
anyone. The only requirement here is that Bob has the correct password.

Alice has a key, her serial number, that is known by everyone.

There's a third machine on this scenario: the one who gives
a 'password'
based on that serial number. And none have access to this machine.

So, for Bob to see the contents of Alice, he must send her the password
provided.

So, if I have several Alices, each one with a unique serial number, the
system should provide a unique password for each of them.


Well, could someone here give me a direction on what kind of
encryption routine I should study?

Thanx!

--
Adriano Prado
[EMAIL PROTECTED]


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

Crossposted-To: comp.lang.c
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: blowfish problem
Date: Fri, 18 Aug 2000 14:32:07 GMT

Paul Schlyter wrote:
> 
> In article <8nhl7p$[EMAIL PROTECTED]>,
> Michael Will <[EMAIL PROTECTED]> wrote:
> A byte can also be narrower than 8 bits: the old CDC 6600 used 6-bit
> bytes, ..

Actually the 6600 used 6-bit character codes, but as I recall it
supported more or less arbitrary bit fields as bytes.  (The location
and extent of the field was specifiable in machine instructions.)

> Of course, Standard C cannot be implemented on such architectures,
> since Standard C requires a char to be at least 8 bits.  Thus, to
> implement C on e.g. the CDC 6600, either a char would have to be 6
> bits, which violates Standard C, or else a char would have to be
> different from a byte.

No, that is a misconception.  A conforming implementation is
possible under such circumstances, but it would require that
*within C programs* the smallest addressable unit be made
artificially larger than 6 bits.  For example, 12 or 60 bits.
While that would make systems programming more difficult than
it should be on that platform, it is still viable.  In fact
there were C implementations for such CDC mainframes at one
time (Univ. of Texas had one as I recall), and they tended to
support an extended character set (ASCII) rather than limiting
themselves to 6-bit "display code".

------------------------------

From: [EMAIL PROTECTED] (Paul Schlyter)
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: 18 Aug 2000 16:12:31 +0200

In article <[EMAIL PROTECTED]>,
Richard Bos <[EMAIL PROTECTED]> wrote:
 
> [EMAIL PROTECTED] (Paul Schlyter) wrote:
> 
>> In article <8nhl7p$[EMAIL PROTECTED]>,
>> Michael Will <[EMAIL PROTECTED]> wrote:
>>  
>>> Gergo Barany wrote:
>>>> No, a char is always one byte in C.
>>> 
>>> No, sizeof(char) is always 1 in C.
>>> 
>>> These are not two ways of saying the same thing.
> 
> They are, as has been said upthread. C byte != hardware byte.
>   
>> A byte can also be narrower than 8 bits:
> 
> Not in C, it can't.
> 
>> Of course, Standard C cannot be implemented on such architectures,
>> since Standard C requires a char to be at least 8 bits.
> 
> Yes, it can; all it needs is that a logical C byte is not the same as a
> hardware byte.

There are no "hardware bytes" on word-addressed machines.  The "byte" is
there completely a software construction.

> This is less strange than it sounds, and could even occur
> today, for example on a system where the standard char (and therefore C
> byte) is a Unicode character, and thus 16 bits wide, even if the
> hardware byte is 8 bits.
> On a system where a hardware byte is 6 bits, I'd expect a char (and thus
> a byte) to be 12 bits in C, but of course it could even be 8 bits,
> though that would require a lot of inefficient en- and decoding.
 
Actually, the CDC 6600 had an alternative character encoding, which
used 12 bits per character.  In CDC jargon, this was called "ASCII",
probably because they then could encode equivalents to the entire
ASCII character set -- with the 6-bit bytes they could encode only
uppercase letters, digits, and some other symbols -- there were no
lowercase letters or control characters in that character set (which
caused some odd behaviour for end-of-lines, which were encoded as
at least three consecutive 00's at the end of a 60-bit word: now 00
also happened to be the 6-bit character code for a colon (':').  So
if you, in an editor, entered too many consecutive colons, you suddenly
had an end-of-line instead!!!)
 
So implementing C on the CDC 6600 would probably be manageable.  But
what about the DEC-10, which used both 7-bit and 8-bit bytes?  Sure, a
C implementation would use 8-bit chars of course.  The word size of
the DEC-10 was 36 bits, and 36/8 = 4.5.  An int would naturally be
36 bits on the DEC-10 -- but what value should sizeof(int) then return?
 
-- 
================================================================
Paul Schlyter,  Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40,  S-114 38 Stockholm,  SWEDEN
e-mail:  pausch at saaf dot se   or    paul.schlyter at ausys dot se
WWW:     http://hotel04.ausys.se/pausch    http://welcome.to/pausch

------------------------------

From: James Muir <[EMAIL PROTECTED]>
Subject: Kelsey, Schneier, Wagner and Hall reference "the Codebreakers"
Date: Fri, 18 Aug 2000 15:20:59 GMT

This is a repost with a new subject line. I hope it catches someone's
eye.

In a paper on side channel cryptanalysis the authors ( Kelsey, Schneier,
Wagner and Hall ) mention a reference from Kahn's "The Codebreakers"
where a mechanical enciphering device was compromised when an adversary
recorded the clicks of the gears as it operated.  I'd like to read that
passage for myself -- could someone point me to the right chapter or
page?

Thanks.

-James



Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Koon Kin Hin, Kenny" <[EMAIL PROTECTED]>
Subject: Symmetric Encryption and Decryption
Date: Fri, 18 Aug 2000 23:41:17 +0800

To: Everyone
From: Kenny

Can anyone help me to answer my question?
1. Can anyone tell me the process of Symmetric Encryption and Decryption in
detail?
2. How can a smart card perform processing functions by itself?

Thanks for your help.



------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Cryptography and Content Protection
Date: Fri, 18 Aug 2000 08:15:07 -0700


Adriano Prado <[EMAIL PROTECTED]> wrote in message
news:8nji5n$uis$[EMAIL PROTECTED]...

The problem is rather unclear.  I'll ask some questions to get more details:

> My system has just Alice and Bob. There's nobody else that can listen
> their communication.
Do you mean: "the communication session is inherently secure, and we do not
have to worry about eavesdroppers or active attackers"?, or do you mean "I
want to make the communication session secure"?  In addition, if you believe
the communication session is secure, does that mean that there's no
possibility that a Mallet could intercept Bob's call to Alice and pretend to
be Alice?
>
> But Alice must NOT be sure that Bob is really Bob. In fact, Bob can be
> anyone. The only requirements here is that Bob has the correct password.
>
> Alice has a key, her serial number, that is known by everyone.
If Alice's key is public, and there's no public key crypto going on, in what
sense is it a key?  Or, do you mean that it is an identifier ("Hi, I'm
Alice")?

>
> There's a third machine on this scenario: the one who gives
> a 'password'
> based on that serial number. And none have access to this machine.
If there's no communication going into/out of this box, then why mention it
at all?  It's not a part of the protocol unless it sends/receives some
message sometime with someone else.

>
> So, to Bob see the contents of Alice, he must send her the password
> provided.
If Alice knows the password, and if the line is inherently secure, this is
perfectly straightforward.  If Alice knows the password, and the line isn't
secure, then you can consider either public key cryptography (have Alice
publish a public key, which Bob encrypts his password with), or something
like EKE (encrypted key exchange).  If Alice doesn't know the password, then
somehow, she'll need to communicate with someone she trusts who knows the
password -- possibly the third machine that refused to talk with anybody?

Oh, and if there is a third party, is the connection to the third party
secure?

>
> Well, someone here could give me a direction on what kind of
> encryption routine should I study?
I think you should more clearly state exactly what the problem is first.
Let's start with the questions I outlined above.

--
poncho




------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: DES: Say it or spell it? (Newbie question)
Date: Fri, 18 Aug 2000 14:45:05 GMT

Jim Reeds wrote:
> Like Doug Gwyn, I spell out D. E. S., but almost everyone
> else I seems to say "Dez".  I think it's a generational
> thing: us true old farts spell it out right, but newbies
> have been calling it Dez for a couple of decades now.

Maybe you're right about the generational thing.  Most
people I know in the business are old-timers, many of
whom learned their approach to terminology through
instruction by the likes of Friedman and Callimahos,
as well as being thoroughly schooled in the three Rs.

> How about XOR?  I just about flipped the first time I heard
> it pronounced "ksor".

Wow! it's hard to believe.  The standard pronunciation
among all the pros I know is "eks-or", since it is an
abbreviation for EXclusive-OR.  (DES on the other hand is
a pure acronym and thus by conventional English rules
is pronounced as the sequence of individual letters.)

Maybe what's happening is that newbies first encounter
these terms in writing, and having no clue about their
pronunciation, they just invent one.  Certainly I don't
expect them to have learned much about English from
their stint in the public school system.  Why, on
numerous occasions I've seen commercial advertisements
that spell the possessive pronoun "its" as "it's".

> Psaugh!

Is that like "pshaw!"?

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 18 Aug 2000 14:50:06 GMT

Guy Macon wrote:
> Tim Tyler wrote:
> >To *ignore* these (as, for example Bruce Schneier does in AC when he
> >writes "Believe it or not there's a perfect encryption scheme." - p.15,
> >2nd ed.) is not sensible.
> Whenever I find that my reasoning in an area where I am not an expert
> leads me to the conclusion that standard textbooks on the subject are
> wrong, I take the possibility that it is my reasoning that is wrong
> much more seriously than you seem to.  You should think about that.

Good advice.  Even the most respected authors do make occasional
mistakes, but not nearly as readily as the typical reader.

A perfect *scheme* can exist without ever being perfectly
*realized*.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: DES: Say it or spell it? (Newbie question)
Date: Fri, 18 Aug 2000 14:48:21 GMT

"S. T. L." wrote:
> I have always said "DES" as three letters, but "IDEA" as a single word.

Yes, since IDEA was evidently selected to be a pronounceable
acronym, that is appropriate.

For example, we just gave a demo for a program called "CTA"
which is pronounced "see tee aay", not "stah", but the big
project "MUVES" I worked on years ago was called "moves",
not spelled out (except when helping somebody write it down).

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 18 Aug 2000 15:03:58 GMT

Tim Tyler wrote:
> You don't have any basis for the claim that there are no initial
> conditions.  What you have is ignorance of any relevant initial
> conditions.  This is not necessarily the same thing.

You're actually talking about hidden variables, not initial
conditions (which has a different, formal meaning).  Again,
the current state of physical knowledge about irreducible
randomness is that it is *different in kind* from the simple
lack of knowledge of details underlying classical sources of
apparent randomness.  A fundamental unknowability is not the
same as an accidental lack of knowledge about something that
is in principle knowable.  The difference in character leads
to different mathematical properties.  That difference has
been empirically confirmed, so we *know* that the underlying
randomness is irreducible.  That is not an assumption, it is
a conclusion.

To actually spell out step by step the entire chain of
reasoning and observation leading to that conclusion would
require much more space and work than are appropriate for
this forum.  However, you should be able to learn them by
studying quantum physics.  (It will take a while.)

> However, this all seems rather a long way from OTPs.  Without a good
> method getting macroscopic measured events from quantum phenomena, in
> the face of opposition from ones' opponents, discussion of quantum
> theory seems rather irrelevant.

I don't know why you continue to maintain that there is no
"good method of getting macroscopic measured events from
quantum phenomena".  Even a simple scintillation chamber
demonstrates the contrary.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: 1-time pad is not secure...
Date: Fri, 18 Aug 2000 14:51:28 GMT

Guy Macon wrote:
> You aren't fooling anyone, you know.

Apparently I fooled you, or at least you're misunderstanding.

------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Java Random Numbers
Date: Fri, 18 Aug 2000 08:37:56 -0700


<[EMAIL PROTECTED]> wrote in message news:8nje9h$pis$[EMAIL PROTECTED]...
> Java implementation of Random Number Generator.
Is this supposed to be another implementation of the exact same random
number generator you published earlier?  If so, have you run test vectors to
verify that it is the same generator?  It looks like it has a few bugs.  In
particular, I believe that chars in Java are always 8 bits, and so anytime
you try to store something in the "upper 8 bits", it gets lost.

In addition, you still haven't answered my question: what claims are you
making for this generator?  That it's computationally indistinguishable from
a random oracle?  That it's a statistically good random number generator?
That it outputs lots of bytes?  You have previously asserted that "There are
no weakness and holes in this algorithm", but unless you say what the
algorithm is supposed to do, that's a meaningless statement.


--
poncho








------------------------------

Date: Fri, 18 Aug 2000 05:45:11 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: OTP using BBS generator?

=====BEGIN PGP SIGNED MESSAGE=====

David Hopwood wrote:
> Tim Tyler wrote:
> > Another issue might be that rejecting short cycles appears to
> > decrease the size of the keyspace.  Has anyone yet proposed that rejecting
> > these seeds is a cause of loss of strength? ;-)
> 
> I thought about that, and concluded that it doesn't. (An amusing proof is to
> use the fact that the short cycle checks have no effect except with negligible
> probability :-)

... except that the distribution of moduli is different, of course.

- -- 
David Hopwood <[EMAIL PROTECTED]>

Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip


=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv

iQEVAwUBOZy/LTkCAxeYt5gVAQHu8gf+J1MKbtaCzWDum9YjrBXYLUhO8Neguyee
rIurOw9p46p4N4yBGy8qCI4YloMOKcFaPWkhP2ZHPjye8XjTlpoptcoSwiUbBHWa
gdlbCbumsJwtT8ePHTh0a4LU8q1URrYm8hB5E4/zM9N1ocEecY0vb1XRkv0Xe2Gl
uLVCB8yU9lbnY8+KV8g1x9R3AQhNDEa+1kUQ5H0JtkptwQkL//KHAbvpyz440mcM
YeHNignst5y4/CIPHyiu2RQ+yDOrwGMfWnuIqbEb+7Fd2OPnjlSyA/aFH2btmMT0
Q8w/FjcqxEE5nqPzh58XSh5QAokuY1bTN2SnYld44U19kWJ6k7i0XQ==
=W2mo
=====END PGP SIGNATURE=====
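The short-cycle question in this thread made concrete, as an added example that is not code from the thread or from either poster: a Blum Blum Shub state update x -> x^2 mod n over a toy modulus (p = 59, q = 71, both 3 mod 4, chosen here so that every valid starting state can be examined exhaustively), tabulating the cycle length of every state and the share a "reject short cycles" check would throw away. The factorisation and Carmichael helpers are the example's own.

```python
"""Blum Blum Shub cycle lengths: what does rejecting short cycles cost?

Added example, not code from the thread.  The toy modulus n = 59 * 71 is
constructed so that every starting state can be enumerated.
"""
from collections import Counter
from math import gcd


def lcm(a: int, b: int) -> int:
    return a * b // gcd(a, b)


def factor(n: int) -> dict[int, int]:
    """Trial-division factorisation; adequate for the small numbers here."""
    factors: dict[int, int] = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def carmichael(n: int) -> int:
    """Carmichael function lambda(n), the exponent of the group (Z/nZ)*."""
    result = 1
    for p, k in factor(n).items():
        if p == 2:
            lam = 1 if k == 1 else 2 if k == 2 else 2 ** (k - 2)
        else:
            lam = (p - 1) * p ** (k - 1)
        result = lcm(result, lam)
    return result


def bbs_period(x0: int, n: int) -> int:
    """Length of the cycle that x -> x^2 mod n enters when started at x0."""
    seen: dict[int, int] = {}
    x, i = x0, 0
    while x not in seen:
        seen[x] = i
        x = x * x % n
        i += 1
    return i - seen[x]


def period_histogram(p: int, q: int) -> dict[int, int]:
    """Count BBS cycle lengths over every valid starting state x0 = s^2 mod n.

    BBS starts from a quadratic residue coprime to n; several seeds s map to
    the same x0, so the set of states is deduplicated before counting."""
    n = p * q
    states = {s * s % n for s in range(1, n) if gcd(s, n) == 1}
    return dict(Counter(bbs_period(x0, n) for x0 in states))


def rejected_fraction(p: int, q: int, min_period: int) -> float:
    """Share of valid starting states a 'reject short cycles' check discards."""
    hist = period_histogram(p, q)
    total = sum(hist.values())
    short = sum(c for period, c in hist.items() if period < min_period)
    return short / total


if __name__ == "__main__":
    p, q = 59, 71
    n = p * q
    hist = period_histogram(p, q)
    print("cycle length histogram:", dict(sorted(hist.items())))
    # Every cycle length divides lambda(lambda(n)); the longest attains it here.
    print("lambda(lambda(n)) =", carmichael(carmichael(n)),
          " longest cycle =", max(hist))
    print("fraction rejected by a full-period check: %.3f"
          % rejected_fraction(p, q, max(hist)))
```

With this toy modulus the check is far from free: about 17% of the valid states sit on cycles shorter than the maximum, because (p-1)/2 = 29 and (q-1)/2 = 35 have small factors and a state's order, and hence its cycle length, drops whenever it misses one of them. That is the effect Hopwood calls negligible for real parameters: with primes of cryptographic size chosen so that (p-1)/2 and (q-1)/2 have only large prime factors, a random state misses a factor with probability on the order of the reciprocal of that factor, so almost no seeds are rejected and the keyspace is essentially unchanged. His follow-up caveat, that the distribution of moduli is what the check does alter, is the part this single-modulus table cannot show.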


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
